package com.yuan.admin.config;

import com.yuan.admin.service.CustomUserService;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.NoOpPasswordEncoder;
import org.springframework.web.servlet.config.annotation.EnableWebMvc;


@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(securedEnabled = true,jsr250Enabled = true,prePostEnabled = true)//开启注解
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {//1

    /***
     * 数据库验证用户名
     * @param http
     * @throws Exception
     */
//	@Bean
//	UserDetailsService customUserService(){ //2
//		return new CustomUserService();
//	}
//
//	@Override
//	protected void configure(AuthenticationManagerBuilder auth) throws Exception {
//		auth.userDetailsService(customUserService()); //3
//	}

    /***
     * 权限控制
     * @param http
     * @throws Exception
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {

        http.authorizeRequests()
//                .anyRequest().authenticated() //4
                .antMatchers("/static/css/**", "/").permitAll()
                .antMatchers("/index/**", "/").permitAll()
                .antMatchers("/upload/**").permitAll()
//                .antMatchers("/user/**").hasRole("USER")
                .antMatchers("/admin/**").hasRole("ADMIN")
                .and()
                .formLogin()
                .loginPage("/login")
                .failureUrl("/login?error")
                .permitAll() ;//5

//            http.authorizeRequests()
//                    .mvcMatchers("/css/*")
//                    .permitAll().mvcMatchers("/admin/**").authenticated()
//                    .and().formLogin().loginPage("/login").failureUrl("/login?error")
//                    .defaultSuccessUrl("/admin")
//
//                .and()
//                .logout()
//                .permitAll();

//        http.authorizeRequests()
//                .anyRequest().authenticated() //4
//                .antMatchers("/static/css/**", "/").permitAll()
//                .antMatchers("/index/**", "/").permitAll()
//                .antMatchers("/user/**").hasRole("USER")
//                .and()
//                .formLogin()
//                .loginPage("/login")
//                .failureUrl("/login?error")
//                .permitAll() ;//5
//                .and()
//                .logout().permitAll(); //6
//资源访问权限
//        http.authorizeRequests()
//                .antMatchers("/admin/login").permitAll()//管理员登录入口
//                .antMatchers("/static/**").permitAll()//静态资源
//                .antMatchers("/user/login").permitAll()//用户登录入口
//                .antMatchers("/admin/**").hasRole("ADMIN")
//                .antMatchers("/user/**").hasAnyRole("ADMIN","USER")
//                .antMatchers("/api/user/**").hasAnyRole("ADMIN","USER")
//                .and()
//                .formLogin()
//                .loginProcessingUrl("/login")//配置之角色登录处理入口
//                .successForwardUrl("admin")
//                .and()
//                .logout()
//                .logoutUrl("/logout")
//                .logoutSuccessUrl("/logout/page")
//                .deleteCookies("JESSIONID")
//                .invalidateHttpSession(true)
//                .and()
//                .exceptionHandling()
//                .accessDeniedPage("/403");
//        http.csrf().disable();
//        http.headers().frameOptions().sameOrigin();

//        http.formLogin().loginPage("/login").loginProcessingUrl("/auth/login").defaultSuccessUrl("/index")
//                .and()
//                .logout().logoutSuccessUrl("/login")
//                .and()
//                .authorizeRequests()
//                .antMatchers("/css/**", "/js/**","/images/**", "/static/**").permitAll()//允许访问静态资源
//                .antMatchers("/login","/auth/login").permitAll()  //  premitAll()不做拦截
////                .antMatchers("/index").authenticated()   //authenticated()  必须登录后可见
//                .antMatchers("/admin").access("hasRole('ROLE_ADMIN')")//含有Test权限的才可以访问
//                .anyRequest().authenticated();

}


    /***
     * 配置管理员密码,配置在内存中
     * @param auth
     * @throws Exception
     */
    @Override
    public void configure(AuthenticationManagerBuilder auth) throws Exception {
//        旧的加密方式
//        builder.inMemoryAuthentication()
//                .withUser("admin").password("admin").roles("ADMIN")
//                .and()
//                .withUser("user").password("user").roles("USER");
            //  SpringSec 5 之后的加密方式    inMemoryAuthentication 从内存中获取
            auth.inMemoryAuthentication().passwordEncoder(new BCryptPasswordEncoder()).withUser("admin").password(new BCryptPasswordEncoder().encode("admin")).roles("ADMIN");
            auth.inMemoryAuthentication().passwordEncoder(new BCryptPasswordEncoder()).withUser("user").password(new BCryptPasswordEncoder().encode("user")).roles("USER");
        }

    }

